Warning: You are browsing the documentation for Symfony 2.3, which is no longer maintained.

Read the updated version of this page for Symfony 5.3 (the current stable version).

Recipes about Security

The Symfony Cookbook is a continuously growing collection of specific recipes that explain how to correctly solve the most recurrent problems that Symfony developers face in their day to day work.

2.3 version

Maintained

4.4 5.3 current 5.4 dev 6.0

Unmaintained

2.0 2.1 2.2 2.3 2.4 2.5 2.6 2.7 2.8 3.0 3.1 3.2 3.3 3.4 4.0 4.1 4.2 4.3 5.0 5.1 5.2

Security¶

Authentication (Identifying/Logging in the User)¶

How to Build a Traditional Login Form
- Redirecting after Success
- Avoid Common Pitfalls
How to Load Security Users from the Database (the Entity Provider)
How to Add “Remember Me” Login Functionality
- Forcing the User to Opt-Out of the Remember Me Feature
- Forcing the User to Re-Authenticate before Accessing certain Resources
How to Impersonate a User
- Events
How to Customize your Form Login
- Form Login Configuration Reference
- Redirecting after Success
How to Create a custom User Provider
How to Create a custom Authentication Provider
Using pre Authenticated Security Firewalls
- X.509 Client Certificate Authentication
How to Change the default Target Path Behavior
Using CSRF Protection in the Login Form
- Configuring CSRF Protection
- Rendering the CSRF field
How to Use multiple User Providers

Authorization (Denying Access)¶

This work, including the code samples, is licensed under a Creative Commons BY-SA 3.0 license.